54 matches found
CVE-2026-40068
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
CVE-2026-35675
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...
CVE-2026-24887
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...
EUVD-2026-5159
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...
CVE-2026-24887
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...
PT-2026-6214
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.72 Description Claude Code is an agentic coding tool. A flaw in command parsing allowed bypassing the confirmation prompt, potentially triggering the execution of untrusted commands via the find command...
CVE-2025-9521
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521
CVE-2025-9521 concerns a Password Confirmation Bypass in Omada Controllers. The trusted-source documents indicate that an attacker with a valid session token can bypass secondary verification and change a user’s password without proper confirmation, weakening account security. Affected product is...
CVE-2025-9521
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
EUVD-2025-206348
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521 Password Confirmation Bypass in Omada Controller
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...
CVE-2025-13318 Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...
EUVD-2015-3794
Malware in sbrugna...
EUVD-2015-4518
Malware in sbrugna...
EUVD-2022-52551
Malicious code in bioql PyPI...
EUVD-2022-51014
Malicious code in bioql PyPI...
EUVD-2023-31325
Malicious code in bioql PyPI...
EUVD-2025-27564
Malicious code in bioql PyPI...